X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fhierarchy.py;h=4732dbc75e5338a4390333f04d88a8d4508f853c;hb=ef88def5f530ccd7ee8aabe0527de3e0f9f334ba;hp=b3e730f3b6967a2ece04f4e9c4f96a8e67544fc4;hpb=256e32eb6cdcecc9b983f2bba4fc3bcb2fbd34f8;p=sfa.git
diff --git a/sfa/trust/hierarchy.py b/sfa/trust/hierarchy.py
index b3e730f3..4732dbc7 100644
--- a/sfa/trust/hierarchy.py
+++ b/sfa/trust/hierarchy.py
@@ -12,16 +12,14 @@
 # *.DBINFO - database info
 ##
-### $Id$
-### $URL$
-
 import os
-from sfa.util.report import *
+from sfa.util.faults import *
+from sfa.util.sfalogging import sfa_logger
+from sfa.util.xrn import get_leaf, get_authority, hrn_to_urn, urn_to_hrn
 from sfa.trust.certificate import Keypair
-from sfa.trust.credential import *
+from sfa.trust.credential import Credential
 from sfa.trust.gid import GID, create_uuid
-from sfa.util.namespace import *
 from sfa.util.config import Config
 from sfa.util.sfaticket import SfaTicket
@@ -60,6 +58,12 @@ class AuthInfo:
         self.gid_filename = fn
         self.gid_object = None
+    def get_privkey_filename(self):
+        return self.privkey_filename
+
+    def get_gid_filename(self):
+        return self.gid_filename
+
 ##
 # Get the GID in the form of a GID object
@@ -155,12 +159,13 @@ class Hierarchy:
     def create_auth(self, xrn, create_parents=False):
         hrn, type = urn_to_hrn(xrn)
-        trace("Hierarchy: creating authority: " + hrn)
+        sfa_logger().debug("Hierarchy: creating authority: " + hrn)
         # create the parent authority if necessary
         parent_hrn = get_authority(hrn)
-        if (parent_hrn) and (not self.auth_exists(parent_hrn)) and (create_parents):
-            self.create_auth(parent_hrn, create_parents)
+        parent_urn = hrn_to_urn(parent_hrn, 'authority')
+        if (parent_hrn) and (not self.auth_exists(parent_urn)) and (create_parents):
+            self.create_auth(parent_urn, create_parents)
         (directory, gid_filename, privkey_filename, dbinfo_filename) = \
             self.get_auth_filenames(hrn)
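Review bot: `from sfa.util.faults import *` swaps one wildcard import for another, while the only fault name these hunks visibly use is `MissingAuthority` (raised in `get_auth_info`); `from sfa.util.faults import MissingAuthority` would keep the module's namespace explicit and make the dependency greppable. Other fault classes may be referenced in parts of the file outside this view, in which case they should be listed as well.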
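Review bot: The two new `AuthInfo` getters carry no docstring and return attributes that are already public (`self.gid_filename` is assigned directly in the context lines above), so the accessors add an indirection without an interface reason visible here. If they are kept for symmetry with `get_pkey_object`/`get_gid_object`, a one-line docstring such as `"""Path of this authority's private key file (sensitive; do not log its contents)."""` and `"""Path of this authority's GID certificate file."""` would document what the callers in `get_auth_cred` receive.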
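Review bot: `parent_urn = hrn_to_urn(parent_hrn, 'authority')` now runs before the `if (parent_hrn)` guard, so for a top-level authority with an empty parent `hrn_to_urn` is called on an empty name, which the old code never did; whether that raises or yields a bogus URN depends on `hrn_to_urn`, which is not visible here. Nest the conversion under the guard instead: `if parent_hrn and create_parents:` / `parent_urn = hrn_to_urn(parent_hrn, 'authority')` / `if not self.auth_exists(parent_urn): self.create_auth(parent_urn, create_parents)`. Note also that `auth_exists` receives a URN here but an HRN in `get_auth_info` (the hunk at L2), so it is presumably expected to accept both forms — worth confirming. The body of `create_auth` continues past this hunk.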
@@ -174,7 +179,7 @@ class Hierarchy:
                 pass
         if os.path.exists(privkey_filename):
-            print "using existing key", privkey_filename, "for authority", hrn
+            sfa_logger().debug("using existing key %r for authority %r"%(privkey_filename,hrn))
             pkey = Keypair(filename = privkey_filename)
         else:
             pkey = Keypair(create = True)
@@ -198,10 +203,9 @@ class Hierarchy:
     # @param xrn the human readable name of the authority to create (urn will be converted to hrn).
     def get_auth_info(self, xrn):
-
-        #trace("Hierarchy: getting authority: " + hrn)
         hrn, type = urn_to_hrn(xrn)
         if not self.auth_exists(hrn):
+            sfa_logger().warning("Hierarchy: mising authority - xrn=%s, hrn=%s"%(xrn,hrn))
             raise MissingAuthority(hrn)
         (directory, gid_filename, privkey_filename, dbinfo_filename) = \
@@ -244,6 +248,7 @@ class Hierarchy:
             parent_auth_info = self.get_auth_info(parent_hrn)
             gid.set_issuer(parent_auth_info.get_pkey_object(), parent_auth_info.hrn)
             gid.set_parent(parent_auth_info.get_gid_object())
+            gid.set_intermediate_ca(True)
             gid.set_pubkey(pkey)
         gid.encode()
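Review bot: The new debug call formats the message eagerly with `%`, so the string is built even when debug logging is disabled; if `sfa_logger()` returns a standard `logging.Logger`, pass the arguments through instead: `sfa_logger().debug("using existing key %r for authority %r", privkey_filename, hrn)`. The enclosing `create_auth` body starts and ends outside this hunk.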
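Review bot: The new warning text misspells "missing" (`mising authority`), and since the very next line raises `MissingAuthority(hrn)` the same condition is reported twice, once as a log record and once as an exception the caller will presumably log again. Either fix the spelling, `"Hierarchy: missing authority - xrn=%s, hrn=%s"`, or drop the warning and let the exception carry the detail; if the log record is kept, lazy `%s` arguments (`sfa_logger().warning("...", xrn, hrn)`) avoid formatting on every miss. The body of `get_auth_info` continues past the hunk.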
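Review bot: `gid.set_intermediate_ca(True)` marks every GID issued through this parent-signed branch as able to sign further certificates, and nothing in the hunk restricts that to authority records. The enclosing function starts outside the hunk, so whether this branch is also reached for user, slice or node GIDs cannot be seen here; if it is, the flag should be gated on the GID's type being an authority so that leaf certificates stay non-CA. The self-signed branch above this hunk is not visible either, so whether the root GID receives the equivalent flag should be checked as well.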
@@ -296,18 +301,20 @@ class Hierarchy:
         cred.set_gid_caller(gid)
         cred.set_gid_object(gid)
         cred.set_privileges(kind)
-        cred.set_delegate(True)
-        cred.set_pubkey(auth_info.get_gid_object().get_pubkey())
+        cred.get_privileges().delegate_all_privileges(True)
+        #cred.set_pubkey(auth_info.get_gid_object().get_pubkey())
         parent_hrn = get_authority(hrn)
         if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
             # if there is no parent hrn, then it must be self-signed. this
             # is where we terminate the recursion
-            cred.set_issuer(auth_info.get_pkey_object(), hrn)
+            cred.set_issuer_keys(auth_info.get_privkey_filename(), auth_info.get_gid_filename())
         else:
             # we need the parent's private key in order to sign this GID
             parent_auth_info = self.get_auth_info(parent_hrn)
-            cred.set_issuer(parent_auth_info.get_pkey_object(), parent_auth_info.hrn)
+            cred.set_issuer_keys(parent_auth_info.get_privkey_filename(), parent_auth_info.get_gid_filename())
+
+            cred.set_parent(self.get_auth_cred(parent_hrn, kind))
         cred.encode()
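Review bot: The indentation of the new `cred.set_parent(self.get_auth_cred(parent_hrn, kind))` is lost in this rendering, and it must sit inside the `else:` branch: at the `if`/`else` level it would also run in the self-signed case, calling `get_auth_cred` on an empty `parent_hrn` (or on the parent of `SFA_INTERFACE_HRN`, which `get_auth_info` would reject with `MissingAuthority`), so the recursion the comment says terminates here would not. Confirm the line is at the same depth as the preceding `cred.set_issuer_keys(parent_auth_info...)` call. The commented-out `#cred.set_pubkey(...)` is dead code; if the credential format no longer carries a separate public key, delete the line rather than keep it as a comment. `get_auth_cred` starts outside the hunk.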